Bug 479849 - Digest algorithm preference is ignored
Digest algorithm preference is ignored
Product: Fedora
Classification: Fedora
Component: gnupg (Show other bugs)
All Linux
low Severity medium
: ---
: ---
Assigned To: Nalin Dahyabhai
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2009-01-13 10:44 EST by Miloslav Trmač
Modified: 2009-01-28 20:31 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2009-01-28 20:31:42 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Miloslav Trmač 2009-01-13 10:44:31 EST
Description of problem:
Key's algorithm preferences that say SHA-256 should be used are ignored.  Overriding the algorithm manually using --digest-algo works, though.

Version-Release number of selected component (if applicable):

Steps to Reproduce:
(irrelevant output parts skipped)

1. Create a key:
$ LC_ALL=C gpg --homedir /home/mitr/t --gen-key --default-preference-list 'sha256'
Please select what kind of key you want:
   (1) DSA and Elgamal (default)
   (2) DSA (sign only)
   (5) RSA (sign only)
Your selection? 5
What keysize do you want? (2048) 
Requested keysize is 2048 bits
Real name: test key

2. Verify SHA-256 is the preferred algorithm:
$ LC_ALL=C gpg --homedir /home/mitr/t --edit-key 'test key'
Command> showpref
[ultimate] (1). test key
     Cipher: 3DES
     Digest: SHA256, SHA1
     Compression: ZIP, Uncompressed
     Features: MDC, Keyserver no-modify

3. Sign something:

$ gpg --homedir /home/mitr/t --sign ~/linux-diff

4. Look what digest type is used:

$ LC_ALL=C gpg --homedir . --list-packets ~/linux-diff.gpg
:signature packet: algo 1, keyid 96C762145D3D055F
	version 4, created 1231860524, md5len 0, sigclass 0x00
	digest algo 2, begin of digest c8 2f
(Per RFC 4880, algo 1 = RSA, digest algo 2 = SHA-1)

5. Specify SHA-256 explicitly:

$ gpg --digest-algo sha256 --homedir /home/mitr/t --sign ~/linux-diff 

6. Verify gpg can generate SHA-256 if --digest-algo is used:

$ LC_ALL=C gpg --homedir . --list-packets ~/linux-diff.gpggpg: WARNING: unsafe <snip>
:signature packet: algo 1, keyid 96C762145D3D055F
	version 4, created 1231860613, md5len 0, sigclass 0x00
	digest algo 8, begin of digest 87 31
(digest algo 8 = SHA-256)

Expected results:
4. shows digest algo 8.

Additional info:
Perhaps SHA-256 is disabled by default and I need an extra option like to enable it, but --rfc4880 doesn't work and no other option in the documentation seems relevant.
Comment 1 Miloslav Trmač 2009-01-28 20:31:42 EST
After reading the source code I now realize the key preference applies to data sent _to_ the key owner, not _by_ the key owner.

Note You need to log in before you can comment on or make changes to this bug.